| View previous topic :: View next topic |
| Author |
Message |
raddaqii
Tux's lil' helper
Joined: 27 Mar 2005
Posts: 110
Location: Berlin, Old Europe
|
 Posted: Wed Jan 13, 2021 9:18 pm Post subject: Unintentional MAC randomization active, want to disable |
 |
|
Minor annoyance. On this laptop I haven't used for quite some time apparently I have MAC randomization enabled. Connecting to it via LAN is just fine, so I have connectivity. However I'd also want it to connect to my wifi, which effectively fails, because on each attempt it has a new MAC address.
Which is both odd because I don't remember that I set it up this way, and because there is no IPv6 involved here, so no privacy extensions. From the logs:
| Code: | Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.0731] device (wlp3s0): Activation: starting connection 'my-wifi-name' (93cb7696-3c04-4fcb-94a9-06347bf72e8e)
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.0733] device (wlp3s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.0948] device (wlp3s0): set-hw-addr: reset MAC address to 24:77:03:1F:3E:98 (preserve)
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.4828] device (wlp3s0): supplicant interface state: inactive -> disabled
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.4830] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.4833] device (wlp3s0): Activation: (wifi) access point 'my-wifi-name' has security, but secrets are required.
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.4833] device (wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.4845] device (wlp3s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.4849] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.4851] device (wlp3s0): Activation: (wifi) connection 'my-wifi-name' has security, and secrets exist. No new secrets neede>
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.5048] device (wlp3s0): supplicant interface state: disabled -> inactive
Jan 13 22:00:07 glossop NetworkManager[2617]: <info> [1610571607.5146] device (wlp3s0): supplicant interface state: inactive -> scanning
Jan 13 22:00:10 glossop NetworkManager[2617]: <info> [1610571610.1591] device (wlp3s0): supplicant interface state: scanning -> authenticating
Jan 13 22:00:10 glossop NetworkManager[2617]: <info> [1610571610.1768] device (wlp3s0): supplicant interface state: authenticating -> associating
Jan 13 22:00:10 glossop NetworkManager[2617]: <info> [1610571610.4347] device (wlp3s0): supplicant interface state: associating -> disconnected
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.4447] device (wlp3s0): supplicant interface state: disconnected -> scanning
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.5485] device (wlp3s0): supplicant interface state: scanning -> authenticating
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.5586] device (wlp3s0): supplicant interface state: authenticating -> associating
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.5948] device (wlp3s0): supplicant interface state: associating -> associated
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.6847] device (wlp3s0): supplicant interface state: associated -> 4-way handshake
Jan 13 22:00:20 glossop NetworkManager[2617]: <warn> [1610571620.7169] sup-iface[0x5616957a8080,wlp3s0]: connection disconnected (reason -1)
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.7248] device (wlp3s0): supplicant interface state: 4-way handshake -> disconnected
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.7250] device (wlp3s0): Activation: (wifi) disconnected during association, asking for new key
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.7251] device (wlp3s0): state change: config -> need-auth (reason 'supplicant-disconnect', sys-iface-state: 'managed')
Jan 13 22:00:20 glossop NetworkManager[2617]: <warn> [1610571620.7277] device (wlp3s0): no secrets: No agents were available for this request.
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.7277] device (wlp3s0): state change: need-auth -> failed (reason 'no-secrets', sys-iface-state: 'managed')
Jan 13 22:00:20 glossop NetworkManager[2617]: <warn> [1610571620.7283] device (wlp3s0): Activation: failed for connection 'my-wifi-name'
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.7287] device (wlp3s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Jan 13 22:00:20 glossop NetworkManager[2617]: <info> [1610571620.7548] device (wlp3s0): set-hw-addr: set MAC address to 5E:30:28:65:B7:3E (scanning)
Jan 13 22:00:21 glossop NetworkManager[2617]: <info> [1610571621.1368] device (wlp3s0): supplicant interface state: disconnected -> disabled
Jan 13 22:00:21 glossop NetworkManager[2617]: <info> [1610571621.1648] device (wlp3s0): supplicant interface state: disabled -> inactive
|
and
| Code: |
[345703.379049] wlp3s0: authenticate with d8:07:b6:23:42:b4
[345703.426081] wlp3s0: send auth to d8:07:b6:23:42:b4 (try 1/3)
[345703.437715] wlp3s0: authenticated
[345703.438211] wlp3s0: waiting for beacon from d8:07:b6:23:42:b4
[345713.781978] wlp3s0: authenticate with 52:d4:f7:23:42:e0
[345713.815668] wlp3s0: send auth to 52:d4:f7:23:42:e0 (try 1/3)
[345713.820684] wlp3s0: authenticated
[345713.822130] wlp3s0: associate with 52:d4:f7:23:42:e0 (try 1/3)
[345713.840889] wlp3s0: RX AssocResp from 52:d4:f7:23:42:e0 (capab=0x111 status=0 aid=5)
[345713.847690] wlp3s0: associated
[345713.970904] ccm: disagrees about version of symbol module_layout
[345713.971489] wlp3s0: deauthenticating from 52:d4:f7:23:42:e0 by local choice (Reason: 1=UNSPECIFIED)
[345713.996837] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
[345714.032565] iwlwifi 0000:03:00.0: Radio type=0x0-0x3-0x1
[345714.302623] iwlwifi 0000:03:00.0: Radio type=0x0-0x3-0x1
[345714.398160] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
[346056.052496] iwlwifi 0000:03:00.0: Radio type=0x0-0x3-0x1
[346056.332578] iwlwifi 0000:03:00.0: Radio type=0x0-0x3-0x1
[346056.428212] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready
|
So, pretty clear to me, it authenticates to d8:07:b6:23:42:b4, gets a reply from 52:d4:f7:23:42:e0 (which is plausible) then gets kicked because I whitelist MAC addresses.
When I check ip -a the wlp3s0's MAC changes about every 90 seconds.
While I could turn off whitelisting feature on the APs, I don't want to but rather understand what is going on, and how to turn off the client behaviour. Any pointers?
_________________
--
Gentoo from 2004.3
Oh, took a new home in the fediverse: find me in the stream on pluspora.com: https://pluspora.com/tags/gentoo |
|
| Back to top |
|
 |
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9891
Location: almost Mile High in the USA
|
| Posted: Wed Jan 13, 2021 11:45 pm Post subject: |
|
|
Networkmanager does have a random MAC mode, you should disable it. It's the "Cloned MAC address" option. Just make sure it's not this...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
gengreen
Apprentice
Joined: 23 Dec 2017
Posts: 150
|
| Posted: Thu Jan 14, 2021 8:35 pm Post subject: |
|
|
| Quote: | | [345713.970904] ccm: disagrees about version of symbol module_layout |
To make sure you pointed the right problem could you turn off the whitelist and confirm
_________________
Less is best |
|
| Back to top |
|
|
raddaqii
Tux's lil' helper
Joined: 27 Mar 2005
Posts: 110
Location: Berlin, Old Europe
|
| Posted: Fri Feb 05, 2021 1:45 pm Post subject: |
|
|
Thank you @eccerr0r. So I checked.. there was no explicit randomization configured in /etc/NetworkManager/system-connections/my-wifi-network.nmconnection or globally in /etc/NetworkManager/NetworkManager.conf. Also, this confusion did not apply.
Sadly I failed to check the output of this before I made any changes. :roll:
| Code: |
nmcli connection show my-wifi-name | grep address
802-11-wireless.mac-address: --
802-11-wireless.cloned-mac-address: permanent
802-11-wireless.generate-mac-address-mask:--
802-11-wireless.mac-address-blacklist: --
802-11-wireless.mac-address-randomization:never
ipv4.addresses: --
ipv6.addresses: --
|
- it shows, in order
- no hardcoded addresses in the configuration
- the deprecated parameter cloned-mac-address: permanent, which could be just fine in the dbus world of old
- generate-mac-address-mask is empty; it would allow you to generate vendor/OUI compliant addresses allows by specifying which certain bits are fixed
- mac-address-blacklist, for client-side blacklisting rogue aps
- mac-address-randomization: never should disable the feature I don't want
so I may have missed seeing it being set up that way.
Anyhow, in that same connection config file I put this, using information from a Fedora related post and making it permanent with this list of options from GNOME.
All this is still not having the desired effect though. Laptop won't connect.
Have no other result to show than this, I sorta lost track of the old device and will come back to this later.
_________________
--
Gentoo from 2004.3
Oh, took a new home in the fediverse: find me in the stream on pluspora.com: https://pluspora.com/tags/gentoo |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
